The Application Security Podcast

Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We’re discussing why API security remains one of the least mature areas of AppSec today and exploring the challenges developers face when securing APIs. Akansha shares her insights on incorporating APIs into threat modeling exercises, the ongoing struggles with API discovery and inventory management, and the authorization challenges highlighted in the OWASP API Security Top 10. The conversation also touches on whether "shift left" is truly dead and why we still haven't solved basic security problems like input validation despite having the frameworks to address them. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast [https://twitter.com/AppSecPodcast] ➜LinkedIn: The Application Security Podcast [https://www.linkedin.com/showcase/83990241] ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast [https://www.youtube.com/channel/UCfrTGqjSsFCQW4k6TueuY-A] Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The European Union's Cyber Resilience Act is set to revolutionize how we approach product security worldwide. In this episode, we sit down with application security expert Nariman Aga-Tagiyev to break down everything you need to know about this legislation. Nariman has over 20 years of software development experience and today he’s sharing his expertise with us. Learn what the EU CRA is and why it matters for global software companies, key compliance requirements, and how OWASP SAMM can help you. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast [https://twitter.com/AppSecPodcast] ➜LinkedIn: The Application Security Podcast [https://www.linkedin.com/showcase/83990241] ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast [https://www.youtube.com/channel/UCfrTGqjSsFCQW4k6TueuY-A] Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Marisa Fagan, Head of Product at Katilyst and veteran security culture expert joins us today to  share practical strategies for building and scaling security champions programs that actually work, from designing effective pilots to avoiding common pitfalls that can derail your initiatives. Learn how to motivate developers using the SAPs model (Status, Access, Power, Stuff), why getting management buy-in is crucial before launching, and discover the metrics that truly demonstrate security culture success. Marisa reveals why most programs fail, shares her blueprint for creating sustainable security culture initiatives, and discusses the evolution beyond security champions to include privacy and accessibility programs.  Resources Mentioned:  • Security Champion Success Guide: https://securitychampionsuccessguide.org/ [https://securitychampionsuccessguide.org/]  • OWASP Security Champions Guide: securitychampions.owasp.org [http://securitychampions.owasp.org]  • People-Centric Security [https://www.amazon.com/People-Centric-Security-Transforming-Enterprise-Culture/dp/0071846778] book by Lance Hayden  FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast [https://twitter.com/AppSecPodcast] ➜LinkedIn: The Application Security Podcast [https://www.linkedin.com/showcase/83990241] ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast [https://www.youtube.com/channel/UCfrTGqjSsFCQW4k6TueuY-A] Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Aram Hovsepyan joins the podcast today to chat about the misconceptions behind common security metrics. Aram tells us how total vulnerability counts and CVSS scores can be misleading and he introduces us to the Goal Question Metric framework, this framework is a better approach to building truly effective security dashboards. Learn about the critical qualities of good metrics and how to ensure that your metrics accurately reflect your organization's security posture and readiness. Also, discover overlooked metrics that could offer deeper insights into your application security. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast [https://twitter.com/AppSecPodcast] ➜LinkedIn: The Application Security Podcast [https://www.linkedin.com/showcase/83990241] ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast [https://www.youtube.com/channel/UCfrTGqjSsFCQW4k6TueuY-A] Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We’re discussing the intersections of application security (AppSec) and sales strategy with our guest, Sean Varga. Sean shares the unique challenges and best practices in AppSec sales, like the importance of empathy, understanding customer needs, and community participation. Learn about the OWASP top 10 for AppSec Sales and discover how to achieve success by aligning with customer goals, maintaining detailed living documents, and fostering strong partnerships.  FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast [https://twitter.com/AppSecPodcast] ➜LinkedIn: The Application Security Podcast [https://www.linkedin.com/showcase/83990241] ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast [https://www.youtube.com/channel/UCfrTGqjSsFCQW4k6TueuY-A] Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~